xthexder
@xthexder@l.sw0.com
- Comment on Passkeys Explained: The End of Passwords 3 days ago:
Companies should already be storing password hashes, so the risk of leaking a hash vs a public key is roughly the same. It’s just that private keys are generally longer than passwords and therefore harder to bruitforce.
Any company storing passwords in a recoverable format deserves to be hacked.
- Comment on Passkeys Explained: The End of Passwords 3 days ago:
Lack of adoption doesn’t really make password managers a workaround. What’s being worked around? People’s laziness?
Password managers actually do solve the phishing problem to an extent, since if you’re using it properly, you’ll have a unique password for every service, limiting the scope of the problem.
Putting TOTP 2fa codes in your password manager behind the same password as everything else actually destroys any additional security added by 2fa, since it puts you back to a single auth factor.
- Comment on Artist sneaks AI-generated print into National Museum Cardiff gallery 3 days ago:
Lol, that print has more creases on it than a homework assignment that’s spent all day in my backpack
- Comment on The 512KB Club is a collection of performance-focused web pages from across the Internet. To qualify your website must both be actually useful and under 512KB in size. 1 week ago:
In an ideal world, there’s enough CSS/JS inlined in the HTML that the page layout is consistent and usable without secondary requests.
- Comment on Death of beloved neighborhood cat sparks outrage against robotaxis in San Francisco 1 week ago:
There might be some CAT6 cable inside somewhere
- Comment on ProtonMail Logged IP Address of French Activist; Should You Be Worried About Your Privacy? 1 week ago:
This seems necessary if they’re to maintain an IP ban list. You shouldn’t just be able to unban yourself by submitting an information deletion request.
- Comment on China solves 'century-old problem' with new analog chip that is 1,000 times faster than high-end Nvidia GPUs 1 week ago:
Maybe they’re about to solder it on “dead-bug” style? lol
- Comment on Fight me 3 weeks ago:
Ground-source heat pumps seem like they could be the new hotness. You don’t have to dig very deep before the ground is a constant temperature, so that can be used to increase the efficiency even further in extremely hot/cold weather.
Tech Ingredients did a nice little DIY experiment with it.
- Comment on Just answer the question you fuckin' nerd 3 weeks ago:
I take my coffee black-hole seriously.
- Comment on Why Signal’s post-quantum makeover is an amazing engineering achievement 3 weeks ago:
TCP will generally send up to 10 packets immediately without waiting for the ACKs (depending on the configured window size).
Generally any messages or websites under 14kb will be transmitted in a single round-trip assuming no packets are dropped.
- Comment on Tragic Titan submersible’s $62 SanDisk memory card found undamaged at wreckage site 3 weeks ago:
Well, it’s an order of magnitude less force than the “server room” experienced, considering the whole rack of computers was compressed into a solid mass.
SanDisk SD cards are actually rated for up to 500Gs, and with how light the SD card is, it can survive these indirect impacts more easily. “1000s of Gs” is just a completely random estimate considering how some of the other heavier internal camera parts were damaged (a circuit board connector sheared off).
- Comment on Tragic Titan submersible’s $62 SanDisk memory card found undamaged at wreckage site 3 weeks ago:
They used 3 mini PCs with SSDs, which all of them were completely smashed and unrecoverable. the flash chips were all cracked or missing.
- Comment on Tragic Titan submersible’s $62 SanDisk memory card found undamaged at wreckage site 3 weeks ago:
The SD card was from inside a titanium cased underwater camera that was mounted outside the hull. It wasn’t actually in the implosion, it just survived the shockwave (which was probably 1000s of Gs, so still impressive)
- Comment on DIY YouTuber builds cheap VR headset and makes it open-source 4 weeks ago:
Yeah, I’d expect this to be similar latency and accuracy. Lighthouse can do full 6dof tracking at a room scale too, not just sitting head tracking for a seated position like it seems opentrack does
- Comment on EU Chat Control didnt pass - proving the media got to alot of you 4 weeks ago:
What does any of this have to do with the government forcing backdoors into otherwise encrypted chats? The point is that nobody but the recipient can read it, not even governments.
- Comment on kurzgesagt – AI Slop Is Killing Our Channel 5 weeks ago:
the CEO of Kurzgesagt word that they would not have made the videos if they hadn’t been paid to
This on its own proves nothing bad. Some videos just require a bigger budget to make and can’t be made on their otherwise limited budget. Or the topic is just lower priority due to writer interests. If they were forced into covering specific topics then that’s a different story, but I haven’t seen any evidence that was the case.
- Comment on Excel's AI: 20% of the time, it works every time 1 month ago:
- Comment on Excel's AI: 20% of the time, it works every time 1 month ago:
Sounds like a good way to AI-wash any accounting fraud. Now you can just blame it on Microsoft.
- Comment on Apple has REMOVED the ICEBlock app from the App Store due to “objectionable content.” 1 month ago:
A famously useful tool for saving miners from suffocation?
- Comment on 'Windmill': China tests world’s first megawatt-level airship to capture high winds 1 month ago:
I’m pretty sure Hindenburg would have been able to land somewhere instead of crashing out of the air if it used Helium. The surface catching fire wouldn’t spread nearly as quickly as the cells exploding with hydrogen gas. I’m not sure what material the cells were made out of, but I doubt it burns like flash paper.
- Comment on The 2025 Ig Nobel Prize Winners 1 month ago:
35th First Annual Ig Nobel Prize What? You can’t have 35 “First” annual events
- Comment on A ‘demoralizing' trend has computer science grads out of work — even minimum wage jobs. Are 6-figure tech careers over? 1 month ago:
$60k a year is not enough to live comfortably in most of the cities with tech hubs. Rent alone would be 60+% of your paycheck, plus utilities and a car to get to work, you might be going hungry.
- Comment on Get ready to see ads on your… Samsung refrigerator 1 month ago:
All the terrible touch features they’re adding to cars these days makes me think a brand new car today would go obsolete before a 10 year old used car with 100k miles. New cars are unrepairable because of how complicated they are.
- Comment on Get ready to see ads on your… Samsung refrigerator 1 month ago:
Even the $3000 Samsung TVs have afs if you connect them to the Internet. Noone is safe
- Comment on Beggars can't be choosers 2 months ago:
Usually the opposite is true when gutters are this clogged. They turn into a swamp.
- Comment on Bye Intel, hi AMD! I’m done after 2 dead Intels 2 months ago:
I’ve got a 9700X and it absolutely rips at only 65W
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 2 months ago:
The trusted 3rd party in this case is actually multiple 3rd parties. There’s several options for trusted timestamping just like there’s multiple trusted root CAs for SSL. Since the timestamping service is free and public, anyone can use it to sign anything, even self-signed certificates. There’s no mechanism to deny access, at least for this portion.
There’s always a risk the root CAs all collude and refuse to give out certificates to people they don’t like, but at least so far this hasn’t been a problem. I don’t have a better solution unfortunately. If we could have a 100% decentralized signing scheme that would be ideal, but I have no idea how you would build such a thing without identity verification and some inherit trust in the system
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 2 months ago:
This isn’t “my idea”, this is how the industry already does code signing. You can’t sign something with a date of 1984 because your certificate has a start and end date, and is usually only valid for 1 year.
You can read more about how this works here: …digicert.com/…/rfc3161-compliant-time-stamp-auth…
- Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users 2 months ago:
Code signing certificates work a little differently than SSL certificates. A timestamp is included in the signature so the certificate only needs to be valid at the time of signing. The executable will remain valid forever, even if the certificate later expires. (This is how it works on Windows)
- Comment on i 💚 animals. 2 months ago:
Loads of new technologies are discovered because of people mixing disciplines that hadn’t been put together before. A new perspective on a problem can make a massive difference!
